How to add an anti-spam honeypot to a Webflow form

In this tutorial, Sandro, co-founder of Gemeos Webflow agency, shows you how to add an anti-spam honeypot field to your Webflow forms.

Understanding how the honeypot works

A honeypot is a form field that’s invisible to humans (hidden with CSS) but visible to bots that read the HTML. If the field is filled out on submission, it’s a bot: the submission gets ignored. Humans never see this field and never interact with it.

1. Add a hidden text field to your form

In your Webflow form, add an extra text field. Give it a name that attracts bots: website, url, company_url. Hide it visually with CSS (not display: none, because some bots detect it):

position: absolute; left: -9999px; opacity: 0;

2. Validate on the server or with Zapier

In your Zapier or n8n integration, add a condition: if the honeypot field is filled out, don’t run the action (don’t create the contact, don’t send the email). For Webflow forms without an integration, Webflow itself can be set up to ignore submissions with this field filled out through a Zap filter.

3. Enable Webflow reCAPTCHA (alternative)

In Project Settings > Forms, enable Enable reCAPTCHA. Webflow automatically adds reCAPTCHA v3 (invisible) to all your forms. It’s a more robust solution, but it requires a Google reCAPTCHA account.

Conclusion

Honeypot is the least intrusive anti-spam technique for your visitors.